The present invention relates generally to storage subsystems, and in particular to techniques for providing access to Logical Units within a storage subsystem by host computers.
Conventionally, security methodologies designed to prevent an illegal access to a storage subsystem by host computers depend on the functions of OS (Operating System), middleware or application software on the host side.
On the other hand, as the fibre channel protocol has been standardized in recent years, the various standard protocols such as SCSI, ESCON, and TCP/IP have become available to be used as the interface between the host computers and the storage subsystem, resulting in more and more efficient use of the storage resources within the storage subsystem.
However, because more than one host computer accesses one storage subsystem, the traditional security approaches that depend on operating system (OS), middleware, or application software on the host computer side, are increasingly recognized as providing insufficient security for the resources in modem storage subsystems.
What is really needed are techniques for performing security functions in computer storage subsystems connected to one or more host computers via high performance channel interfaces.